<?php
/*
 * Author: Quan Van Sinh
 * Email: sinhvnb@vietnambiz.com
 * Update: NghiaTruong
 * Email: nghiatruong@vietnambiz.com
 * Date: 16-3-2011
 */
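/**
 * Admin-side user maintenance: list, create, read (as JSON), update and delete
 * rows of the `user` table, driven by the posted `userActionType` field.
 *
 * Relies on two things defined outside this file: the global `$db` object
 * (used through `query()` and `query_first()`) and the `filter()` function
 * the form values are passed through before they are interpolated into SQL.
 *
 * Note: the file's closing `?>` tag after this class is best removed — any
 * whitespace after it is sent as output and can break later header() /
 * session calls.
 */
class user
{
    /**
     * PHP 4-style constructors (a method named after the class) stopped being
     * constructors in PHP 8; `__construct` keeps `new user()` working the same way.
     */
    public function __construct()
    {
    }

    /**
     * Fetch every row of the `user` table.
     *
     * @return mixed whatever the project's $db->query() returns for the result set
     */
    public function getAllUser()
    {
        global $db;

        return $db->query('SELECT * FROM user');
    }

    /**
     * Report whether a username is still free.
     *
     * Despite the name, the result is TRUE when NO row with this username exists
     * (the name is available) and FALSE when one does — addUser() relies on that.
     *
     * @param string $username name to look up; escaped here before use in SQL
     */
    public function checkUserExist(string $username): bool
    {
        global $db;

        // mysql_escape_string(), used originally, no longer exists in PHP 7+.
        // addslashes() escapes the same quote/backslash/NUL characters; like its
        // predecessor it is charset-unaware, so a prepared statement should replace
        // this as soon as $db offers one.
        $sql = "SELECT * FROM user WHERE username='" . addslashes($username) . "'";
        $rsUser = $db->query_first($sql);

        // Any row matching the WHERE clause means the name is taken. The old
        // `$rsUser['username'] != $username` warned on a no-row result and could
        // report a row whose stored case differs as "available".
        // query_first()'s no-row value is not visible here (false/null/[]) — empty()
        // covers all three.
        return empty($rsUser);
    }

    /**
     * Dispatch the posted `userActionType` to the matching handler.
     *
     * Handlers that need a row id take it from the POST body (`id` for edit and
     * delete, `edId` for update). A missing id, or an unknown action, falls back
     * to fetching the user list (whose result is discarded here, as before).
     *
     * NOTE(security): no authentication, authorisation or CSRF check is visible in
     * this class; the caller must establish those before invoking userAction().
     */
    public function userAction(): void
    {
        if (!isset($_POST['userActionType'])) {
            return;
        }
        // Read the action from the same array that was checked above: the original
        // tested $_POST but then read $_REQUEST, which may let a GET parameter or
        // cookie override the posted value.
        $actionType = $_POST['userActionType'];

        switch ($actionType) {
            case 'addUser':
                $this->addUser();
                return;
            case 'editUser':
                if (isset($_POST['id'])) {
                    $this->editUser($_POST['id']);
                    return;
                }
                break;
            case 'updateUser':
                if (isset($_POST['edId'])) {
                    $this->updateUser($_POST['edId']);
                    return;
                }
                break;
            case 'deleteUser':
                if (isset($_POST['id'])) {
                    $this->deleteUser($_POST['id']);
                    return;
                }
                break;
        }

        // Missing id or unknown action.
        $this->getAllUser();
    }

    /**
     * Create a user from the posted add form (username, fullname, email, password,
     * active) and leave a status message in $_SESSION['rsMessages'].
     *
     * The string fields go through filter() before being interpolated into the
     * INSERT; $active is normalised to the int 0/1 so it needs no quoting.
     */
    public function addUser(): void
    {
        global $db;

        $username = filter($_POST['username'] ?? '');
        $fullname = filter($_POST['fullname'] ?? '');
        $email    = filter($_POST['email'] ?? '');
        // FIXME(security): md5 is not a password hash. Kept only because the login
        // code that verifies this value lives outside this file; migrate to
        // password_hash()/password_verify() together with it.
        $password = md5(filter($_POST['password'] ?? ''));
        // Loose `== 1` is deliberate: form values arrive as strings ('1').
        $active = (isset($_POST['active']) && $_POST['active'] == 1) ? 1 : 0;

        if (!$this->checkUserExist($username)) {
            $_SESSION['rsMessages'] = "User already exist!";
            return;
        }

        // NOTE(security): string-built SQL; escaping rests entirely on filter(),
        // whose implementation is not visible here. Prefer a prepared statement
        // if $db provides one.
        $addUserSql = "INSERT INTO user (fullname,username,password,email,active) "
            . "VALUES('$fullname','$username','$password','$email',$active)";
        $db->query($addUserSql);
        $_SESSION['rsMessages'] = "Add new user successfull!";
    }

    /**
     * Print the user with the given id as a JSON object (id, fullname, username,
     * email, active) for the edit form, then end the request.
     *
     * @param int|string $id row id; cast with intval() before use in SQL
     */
    public function editUser($id): void
    {
        global $db;

        $editRS = $db->query_first('SELECT * FROM user WHERE id = ' . intval($id));

        // A missing row used to trigger "array offset on bool" warnings; `??`
        // yields the same null-valued JSON object without them.
        $payload = [];
        foreach (['id', 'fullname', 'username', 'email', 'active'] as $field) {
            $payload[$field] = $editRS[$field] ?? null;
        }
        echo json_encode($payload);
        die;
    }

    /**
     * Overwrite the user row $id from the posted edit form (edUsername, edFullname,
     * edEmail, edPassword, edActive), mirror the new values into the session and
     * leave a status message.
     *
     * An empty edPassword leaves the stored password untouched; previously it was
     * silently replaced with md5('').
     *
     * @param int|string $id row id; cast with intval() before use in SQL
     */
    public function updateUser($id): void
    {
        global $db;

        $username = filter($_POST['edUsername'] ?? '');
        $fullname = filter($_POST['edFullname'] ?? '');
        $email    = filter($_POST['edEmail'] ?? '');
        $rawPassword = filter($_POST['edPassword'] ?? '');
        // Loose `== 1` is deliberate: form values arrive as strings ('1').
        $active = (isset($_POST['edActive']) && $_POST['edActive'] == 1) ? 1 : 0;

        // FIXME(security): md5 is not a password hash — see addUser().
        $password = (string) $rawPassword !== '' ? md5($rawPassword) : null;
        $passwordClause = $password !== null ? ", password='$password'" : '';

        // NOTE(security): string-built SQL, escaping delegated to filter() — see addUser().
        $updateUserSql = "UPDATE user SET username='$username', fullname='$fullname', email='$email'"
            . $passwordClause
            . ", active='$active' WHERE id = " . intval($id);
        $db->query($updateUserSql);

        // NOTE(review): this overwrites the *current* session's credentials with the
        // edited user's, even when an administrator edits someone else's record.
        // Kept because the login flow that reads them is outside this file — confirm.
        $_SESSION['username'] = $username;
        if ($password !== null) {
            $_SESSION['password'] = $password;
        }
        $_SESSION['rsMessages'] = "Update user infomations successfull!";
    }

    /**
     * Delete the user row $id, leave a status message in the session and end the
     * request.
     *
     * @param int|string $id row id; cast with intval() before use in SQL
     */
    public function deleteUser($id): void
    {
        global $db;

        $db->query('DELETE FROM user WHERE id = ' . intval($id));
        $_SESSION['rsMessages'] = "Delete user successfull!";
        die;
    }
}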
?>
